Many of you have heard that several bitcoin services were victims of a recent Linode security breach today. Unfortunately, Bitcoinica is also among the services affected.

On 2013-03-01 at 6:30 UTC, our "hot wallet" hosted at Linode and containing over 10,000 BTC was emptied. The unauthorized access is consistent with that experienced by other bitcoin services, described by Linode as unauthorized access from Linode's "customer support interface".

PLEASE DO NOT RE-USE ANY OLD BITOIN DEPOSIT ADDRESSES

Customers should not use any bitcoin addresses previously used to fund their Bitcoinica accounts.

We must assume that the thief has retained private keys associated with old bitcoin deposit addresses. This would allow them to access any new bitcoins sent to old deposit addresses. As of now, our website will only display new deposit addresses which are not affected by this. However any old bitcoin addresses which you may have recorded for convenience should never be used ever again. This is the most important thing:

PLEASE DO NOT RE-USE ANY OLD BITOIN DEPOSIT ADDRESSES

Other important things:

- Customer funds will not be affected.

Bitcoinica is committed to absorbing any loss. The thief stole from us, not you.

- Customer data is safe.

The compromised server was entirely dedicated to holding our bitcoin "hot wallet" only. Thankfully, this function is the –only- one ever hosted at Linode. No customer data has ever been hosted at Linode. Also, there is no privileged access from the affected server. This means that no passwords, account activity, or any other customer data has been exposed by this incident.

Less important things:

This is a very unfortunate event. To support instant withdrawals for customers, our “hot wallet” balance was necessarily higher than other services. As such the impact to us is larger. However, Bitcoinica is financially sound and our customers will not be affected.

Linode has been a well-respected hosting provider. We have reached out to them to be as cooperative as possible in helping them identify the security breach that led to this incident, but have not yet received a response.

We hope we can soon report their full cooperation in recovering this loss.

I'm sorry but this looks like an inside job at Linode to me. There is also the theft from slush and the bitcoin faucet (and who knows who else), so a total of over 13,000 BTC or about 65K USD market value. Supposedly some outside hacker knew different high value sites would have Bitcoin wallets on Linode?